Sign-up

VARIoT news about IoT security

CVE-2024-43044: A Critical RCE Vulnerability in Jenkins With 80,000 Exposed Devices Found | CIP Blog

Trust: 3.0

Fetched: Sept. 16, 2024, 8:50 p.m., Published: Aug. 21, 2024, 8:45 p.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-43044, CVE-2024-43045

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities | Trend Micro (SE)

Trust: 4.25

Fetched: Sept. 16, 2024, 8:49 p.m., Published: Sept. 12, 2024, midnight
 Vulnerabilities: weak password, code execution
Affected productsExternal IDs
vendor: ipswitch model: whatsup gold
vendor: ipswitch model: whatsup
vendor: trend micro model: security
vendor: trend model: security
db: NVD ids: CVE-2024-6670, CVE-2024-4885

DSA-2024-354: Security Update for a Dell Client Platform BIOS for a Use of Default Cryptographic Key Vulnerability | Dell US

Trust: 4.0

Fetched: Sept. 16, 2024, 8:48 p.m., Published: Sept. 8, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: bios
db: NVD ids: CVE-2024-39584

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Related entries in the VARIoT vulnerabilities database: VAR-202109-1909

Trust: 3.5

Fetched: Sept. 16, 2024, 8:46 p.m., Published: Sept. 16, 2024, 1:56 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: trend model: security
vendor: trend micro model: security
db: NVD ids: CVE-2024-43461, CVE-2021-40444, CVE-2024-38112

Google Play will no longer pay to discover vulnerabilities in popular Android apps - Android Authority

Trust: 4.75

Fetched: Sept. 16, 2024, 8:46 p.m., Published: Aug. 19, 2024, 7:39 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: google model: android

System BIOS komputerów Dell Precision 3560 i Latitude 5520 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Sept. 16, 2024, 8:42 p.m., Published: Sept. 16, 3560, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: latitude
vendor: dell model: bios

Two-Factor Authentication: Defense Against BYOD Threats

Trust: 3.0

Fetched: Sept. 16, 2024, 8:41 p.m., Published: Sept. 16, 2024, 2:15 p.m.
 Vulnerabilities: weak password
Affected productsExternal IDs

Security Advisories & Updates | OpenVPN

Trust: 5.0

Fetched: Sept. 16, 2024, 8:41 p.m., Published: Nov. 27, 2023, 10:31 p.m.
 Vulnerabilities: privilege escalation
Affected productsExternal IDs
db: NVD ids: CVE-2024-24974, CVE-2024-27459, CVE-2024-27903

Brinks Home Security Review 2024 | Security.org

Trust: 3.75

Fetched: Sept. 16, 2024, 8:39 p.m., Published: Sept. 5, 2024, 9:28 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: home

How to turn off Activation Lock | SimpleMDM

Trust: 3.0

Fetched: Sept. 16, 2024, 8:38 p.m., Published: Aug. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: icloud
vendor: apple model: iphone
vendor: apple model: ipad

Web app and API vulnerabilities, and how to secure them with Azure and Fortinet - Microsoft Community Hub

Trust: 3.5

Fetched: Sept. 16, 2024, 8:38 p.m., Published: Aug. 16, 2024, 6:05 p.m.
 Vulnerabilities: sql injection, cross-site scripting, information leakage
Affected productsExternal IDs

Update Canonical Ubuntu Desktop: USN-6967-1: Intel Microcode vulnerabilities

Trust: 5.25

Fetched: Sept. 16, 2024, 8:36 p.m., Published: Jan. 16, 6967, midnight
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: canonical model: ubuntu
db: NVD ids: CVE-2023-49141, CVE-2024-25939, CVE-2024-24853, CVE-2024-24980, CVE-2023-42667

Configure Microsoft Defender for Endpoint on iOS features - Microsoft Defender for Endpoint | Microsoft Learn

Trust: 3.0

Fetched: Sept. 16, 2024, 8:31 p.m., Published: Aug. 29, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: apple model: ipad

CVE-2024-45038 Device crash via malformed MQTT packet when d... - vulnerability database | Vulners.com

Trust: 4.25

Fetched: Sept. 16, 2024, 8:30 p.m., Published: Aug. 27, 2024, 8:36 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2024-45038

Are dark web syndicates turning to social media for cybercrime? | Group-IB Blog

Trust: 3.5

Fetched: Sept. 16, 2024, 8:28 p.m., Published: Sept. 16, 2024, 7:34 a.m.
 Vulnerabilities: sql injection, cross-site scripting
Affected productsExternal IDs
vendor: trend model: security

Zyxel Security Advisory September 2024 - Vulnerabilities in routers | Born's Tech and Windows World

Trust: 3.0

Fetched: Sept. 16, 2024, 8:27 p.m., Published: Sept. 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-7261

System BIOS dla komputera Dell Latitude 7290/7390/7490 | Szczegóły sterownika | Dell Polska

Trust: 3.0

Fetched: Sept. 16, 2024, 8:26 p.m., Published: Sept. 19, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: dell model: latitude
vendor: dell model: latitude 7290
vendor: dell model: bios

CVE-2024-40766: Critical Improper Access Control Vulnerability Affecting SonicWall Devices | Noise

Trust: 4.75

Fetched: Sept. 16, 2024, 8:25 p.m., Published: Sept. 9, 2024, midnight
 Vulnerabilities: improper access control, access control vulnerability
Affected productsExternal IDs
vendor: sonicwall model: soho
vendor: sonicwall model: sonicos
db: NVD ids: CVE-2024-40766

CVE-2024-21668: react-native-mmkv Insertion of Sensitive Information into Log File vulnerability

Trust: 3.0

Fetched: Sept. 16, 2024, 8:25 p.m., Published: Sept. 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-21668

CVE-2024-45038 - Meshtastic Device Firmware MQTT Denial of Service Vulnerability

Trust: 6.25

Fetched: Sept. 16, 2024, 8:24 p.m., Published: Aug. 27, 2024, 9:15 p.m.
 Vulnerabilities: denial of service
Affected productsExternal IDs
vendor: mesh model: mesh
db: NVD ids: CVE-2024-45038